[Freeipa-users] Trouble creating replica
John Dennis
jdennis at redhat.com
Wed Feb 20 14:47:17 UTC 2013
On 02/20/2013 08:43 AM, Bret Wortman wrote:
> [root at oldmaster]# pkicontrol start ca PKI-IPA
> PKI-IPA is an invalid 'pki-ca' instance
> [root at oldmaster]#
>
> Is there another, preferred way to start it?
pkiconsole is used to monitor/configure your instance, it's a GUI
application. Perhaps it can also be used to start/stop instances but
I've never seen it used that way and we don't use pkiconsole at all.
Normally the pki-ca instance is controlled using the same service
commands for any other daemon. Some of this has been in flux so the
details may depend on your exact OS. If you don't provide a specific
instance to start/stop then the service command will apply the action to
all your instances, usaully this is fine as usaully you only have one
instance.
As for debugging what is going on. pki-ca is a tomcat instance. You need
to locate it's log files under /var/log depending on the release it can
be named slightly differently but it should be obvious. You need to
understand how a tomcat instance starts, again this depends on the
release. Early start up messages will be written to catalina.out, those
are tomcat specific messages, if you have problems opening sockets (for
instance bad certs) it should show up in this file. Once tomcat hands
control over to the application (i.e. pki-ca) you will see messages in
the "debug" file located under the /var/log/pki-ca (or whatever, depends
on the release) directory. As I said it should be easy to find. Look in
that file for obvious problems.
HTH,
I forget the exact version you're running on which OS. If the above is
not specific enough we can get the dogtag folks to jump in.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list